This project is community-maintained. Security fixes are applied to the latest release on the main branch.

If you believe you have found a security vulnerability, please do not open a public GitHub issue.

Report it privately using one of the options below.

If enabled for this repository:

• Go to the repository
• Open the "Security" tab
• Click "Report a vulnerability"

Send details to: [email protected]

Please include:

• steps to reproduce
• affected version or commit SHA
• impact (what an attacker could do)
• any proof-of-concept (if safe to share)

• You should receive an acknowledgement within a few days.
• If confirmed, a fix will be prepared and released.
• Please allow time for verification and testing before public disclosure.

Responsible disclosure is appreciated. Please avoid publishing details until a fix is available.